Four Js Development Tools Forum

Discussions by product => Genero BDL => Topic started by: Gary C. on October 04, 2022, 12:39:54 pm



Title: SHA-1 Hash
Post by: Gary C. on October 04, 2022, 12:39:54 pm
Hello

We wish to stop our users (internal and external) from using passwords that are known to have featured in a security breach.

There is a web API for this which basically requires us to pass a UTF-8 SHA-1 hash of the password we want the check.

I'm struggling to take a string and convert it to the SHA-1 hash.

I am using this function (cribbed from the help file) to return the hash:

Code
  1. function sys_computeHash(sToDigest string, sAlgorithm string) returns string
  2.  
  3.  define sBase64,
  4.    sResult string,
  5.    dgst security.Digest
  6.  
  7.  try
  8.    let dgst = security.Digest.CreateDigest(sAlgorithm )
  9.    call dgst.AddStringData(sToDigest )
  10.    let sBase64 = dgst.DoBase64Digest()
  11.    let sResult = util.Strings.base64DecodeToString(sBase64)
  12.  catch
  13.    call sys_showMessage("Error", STATUS||" - "||SQLCA.SQLERRM, "")
  14.  end try
  15.  
  16.  return sResult
  17.  
  18. end function
  19.  

When executed, for a passed string of "Password1", the value of sBase64 is:

cMzZAHM41tgd07YnFiG5z5qX6gA=

But the call to base64DecodeToString returns null.

Using an online SHA-1 hash generator gives:

70ccd9007338d6d81dd3b6271621b9cf9a97ea00

The server this is being executed on has its character set to utf8.

I would welcome any guidance on where I may be going wrong.

Thanks

Gary


Title: Re: SHA-1 Hash
Post by: Gary C. on October 04, 2022, 04:47:08 pm
Hi

I have now realised I was using the wrong method:

dgst.DoHexBinaryDigest()

yields the desired results.